Privacy Policy
CrossFit East Bay is committed to safeguarding your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices concerning the collection, use, sharing, and protection of information gathered through our website at https://crossfiteastbay.com, in full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We treat your privacy as a first priority and are dedicated to transparency regarding how we handle your data.
1. Commitment to Privacy and Data Protection
We respect the privacy of all visitors and users of our website. We strive to ensure that your personal data is collected, processed, stored, and disposed of in a secure and responsible manner. Our data processing activities are aligned with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
2. Scope of Policy and Role as Data Controller
This Privacy Policy applies to all personal data collected through the website crossfiteastbay.com and any related services. CrossFit East Bay operates as the data controller in relation to the personal data you provide to us. “Data controller” means that we determine the purpose and means of processing your personal information.
If you have any questions or concerns regarding this Policy or our data practices, please contact us at [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a) Usage Data:
Includes technical and behavioral information about your use of our site, such as browser type, IP address, timestamps, page views, session duration, interaction data, and referring URLs.
b) Account Data:
Includes your first name, last name, email address, mailing address, phone number, and other contact information provided when creating or updating an account.
c) Profile Data:
Includes demographics, user preferences, purchase history, workout or class behavior, and fitness-related goals or interests.
d) Communication Data:
Includes any correspondence you initiate with us, such as support inquiries, form submissions, and records of communications sent to or from our email systems.
e) Technical Data:
Includes information about the devices used to access our site, including device type, operating system, browser settings, language settings, and configuration data.
f) Transaction Data:
Includes billing address, payment details (through third-party processors), order history, delivery statuses, and refund information.
g) Preference Data:
Includes your marketing and communications preferences, opt-ins or opt-outs from newsletters, and your stated interests or consent selections regarding products, services, or content.
4. Legal Bases for Processing
We process your personal data based on the following lawful grounds:
– Performance of a contract: When data is necessary for delivering services you requested or enrolled in (e.g., membership enrollment).
– Consent: Where you have given clear permission for us to process personal data (e.g., receiving marketing communications).
– Legitimate interest: To pursue operational business interests that do not override your rights (e.g., site analytics, service updates, fraud prevention).
– Compliance with legal obligations: For fulfilling our legal and regulatory responsibilities.
5. Your Rights
In accordance with GDPR and CCPA, you have the following data protection rights:
– Access: To request a copy of the personal data we hold about you.
– Rectification: To request correction of inaccurate or incomplete data.
– Erasure (“Right to be Forgotten”): To request deletion of your data where legally applicable.
– Restriction: To request limitation on the processing of your data.
– Data Portability: To request a copy of your data in a structured, commonly used, machine-readable format where applicable.
– Objection: To object to processing based on our legitimate interests or for direct marketing purposes.
– Withdrawal of Consent: Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of the above rights, please contact us at [email protected]. We may request verification of your identity before processing such requests.
6. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data. These include:
– Encryption protocols for data in transit and at rest
– Role-based access controls to minimize who can access your data
– Regular system and backup processes
– Ongoing training for personnel on privacy and data protection best practices
7. International Data Transfers
If personal data is transferred outside of your jurisdiction, including to countries that may not have equivalent data protection laws, we ensure such transfers are made in compliance with applicable regulations. Where applicable, we use Standard Contractual Clauses or other legally valid mechanisms to ensure adequate protection of your information across borders.
8. Data Retention
We retain personal data only as long as required to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The following are general retention periods by category:
– Usage Data: up to 12 months
– Account Data: for the duration of account tenure + 24 months
– Profile and Preference Data: for the duration of engagement + 24 months
– Communication Data: up to 36 months
– Transaction Data: retained per financial compliance laws (typically 7 years)
Data no longer required is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to ensure optimal functionality and user experience. Categories include:
– Essential Cookies: Required for website operation and core functionality (e.g., login sessions).
– Functional Cookies: Enhance usability or remember preferences.
– Analytics Cookies: Provide aggregated data insights into user behavior using platforms like Google Analytics.
– Performance Cookies: Improve site speed, responsiveness, and performance metrics.
10. Cookie Management and Compliance
When you visit crossfiteastbay.com, you are presented with cookie consent tools that align with GDPR and CCPA requirements. You may manage or withdraw your consent at any time by adjusting your browser settings or accessing the cookie preferences tool provided on our site.
We also honor Global Privacy Control (GPC) signals from supported browsers and enable “Do Not Sell My Personal Information” links for California residents, allowing you to opt out of data sharing practices.
11. Children’s Privacy
We do not knowingly collect or process personal information from children under the age of 13. If we become aware that such data has been inadvertently collected, appropriate steps will be taken to delete the information or obtain verifiable parental consent. Parents or guardians may contact [email protected] with inquiries.
12. Policy Updates
We reserve the right to amend or update this Privacy Policy to reflect changes in legislation, technology, or our business practices. When material changes are made, we will notify users through appropriate channels, including on-site banners or communications sent to your registered contact details.
13. Contact Us
If you have questions, concerns, or requests regarding your personal information or this Privacy Policy, please reach out to us at:
Email: [email protected]
Website: https://crossfiteastbay.com
We are committed to adhering to all applicable privacy laws and industry standards to protect your data. Thank you for trusting CrossFit East Bay with your personal information.
For all privacy-related concerns or data rights requests, you are welcome to contact us directly.